 DaveTap
join:2007-04-25 Orlando, FL
1 edit | reply to spv69 Re: CYT Device: Unlocking Information for Vtech IP8100
said by spv69:
Any success unlocking IP8100 from VTECH lately? I did everything as it described here but still getting Security Validation. "You must login to your device" From Status Screen: Firmware Version: 11.4.1-r070125 Release Number: 4.019.1-r000015 Bootloader Version: 1.3.3.1101 Still no luck. If anybody has any ideas please help! Thanks.

You should not get security violation... make sure to run from command line w/VTECH argument like...
C:\cyt46.exe VTECH
It will probably hang at "Simple XML provision server is waiting for you device"... I have 4 w/that version haven't unlocked.
|
 mazilo From Mazilo Premium join:2002-05-30 Lilburn, GA
| reply to floriantet Re: Is this the end of CYT ?
said by floriantet:
1. Do I need a supercomputer or I can use somehow 3-4 good computers (2GHz is the slowest) in parallel ?

Sure. The faster the computer, the faster the brute force program (JTR) will find the password(s).
|
 floriantet
join:2006-03-04 Rochester, MI
2 edits | reply to mazilo
said by mazilo:
we need to find someone who has a supercomputer to crack this hashed key.

1. Do I need a supercomputer or I can use somehow 3-4 good computers (2GHz is the slowest) in parallel ?
2. Ok suppose I have the Eprom image for almost any device: for a new PAP2v2 or a new VT2142 or IP8100 ... How can I extract the files (including password file) or the hashed key from the eprom image ? I'm thinking that maybe we can find out if there is or not one factory default password for admin or user
|
 spv69
join:2007-09-04 canada
1 edit | reply to boonkang Re: CYT Device: Unlocking Information for Vtech IP8100
Any success unlocking IP8100 from VTECH lately?
I did everything as it is described here but am still getting the "Security Validation. You must login to your device" message when trying to use any option from CYT. What I did:
* Connected directly to the device.
* Opened internet browser and logged in to the device using VTECH as password (found 2 ways of logging in: user + user and vtech + vtech - this one seems to be admin level as it provides much more options to play with. admin + admin didn't work)
* Turned off Windows firewall and virus protection
* Opened port 2400
* Tried over and over with all versions of CYT from 3.0 to 4.6
* From Status Screen: Firmware Version: 11.4.1-r070125 Release Number: 4.019.1-r000015 Bootloader Version: 1.3.3.1101
Still no luck.
If anybody has any ideas please help! Thanks.
|
 boonkang
join:2007-05-30 Victoria, BC
3 edits | reply to boonkang
Although IP8100 is built on the same hardware as RTP300, PAP2-V2, etc., unlike the rest, this is a cordless phone, it supports only 1 line instead of 2 lines and it does not use IVR. Therefore, I suspect its firmware is not compatible with other CYT devices (i.e. you can not load firmware of PAP2-NA onto IP8100 to get a totally unlocked IP8100 like you can with other CYT devices).
Furthermore, IP8100 seems to have this unique freezing and resetting problem which requires further handling after unlocking using CYT unlock software. I posted the remedial procedure on the other thread; I am posting it here for wider exposure and discussion (hoping that experts like Mazilo, Rcilink and others can provide more insights into the nature of IP8100):
procedure to prevent the freezing and resetting after CYT unlocking (first draft)
1. Upgrade firmware from vtech-11.4.0-r060330-4.016.1-r000015 to vtech-11.4.1-r070125-4.019.1-r000015. (NOTE. You should NOT upgrade prior to the unlocking - it was reported that CYT may not work with the new firmware).
2. Copy the decrypted xml file to create a new copy of ti(MAC-address).xml, and edit as follows:
3. Set up a tftp server on the same LAN as the IP8100. Deposit the new xml file created and edited earlier in the folder /vtech of the tftp server. (the idea is for IP8100 to do the provisioning with this "safe" copy of xml file -- instead of the Vonage copy).
4. Log into IP8100 admin page 192.168.15.1 with Admin/Admin account and edit the provisioning page as suggested by Andrew_Z:
NOTE: 192.168.5.77 is the ip address of PC where the tftp is running.
NOTE. Steps 2, 3 and 4 are necessary to prevent IP8100 from doing auto-provisioning with the VONAGE xml file, which causes the freezing and resetting (and re-locking ?) problems.
My questions about this procedure:
1. The value of 900000 in the interval field suggests that IP8100 will retrieve the config file from tftp://192.168.5.77 every 9000 seconds (150 minutes), this means the setup of tftp server must be there permanently (at least when IP8100 is online). Why can't we set a very large value like 9000000 X 100000 which would yield over 30 years for IP8100 to retrieve the config file, so that we don't need to depend on our tftp server ?
2. There are 2 things we need to change/edit: first is the decrypted config file ti(MAC-address).xml which we deposit with the tftp server, second is the IP8100 admin page 192.168.15.1. The modified admin page will cause IP8100 to download the config file ti(MAC-address).xml from our tftp server, would this config file update the admin page again ? If yes, would the new admin page cause IP8100 to retrieve the config file from Vonage when the device goes online (i.e. connect to Internet) ?
|
  Dave2442
@rogers.com
| reply to rcilink Re: CYT Device: Unlocking Information
This has been driving me nuts while I search around the net - I'm trying to flash a vt2442 and I understand that the firmware version I have (11.4) seems impervious to unlocking. To do so I've been trying to find 11.1 so that I can downgrade the firmware and handle it. But all I've found (all over the net) are people acknowledging this and looking for the old version of the firmware. Could someone please give me some idea as to where to find the firmware (if it's possible at all)?
Thanks! Dave
|
 floriantet
join:2006-03-04 Rochester, MI
3 edits | reply to mazilo Re: Is this the end of CYT ?
said by mazilo:
So, this means the user (probably including the Admin) account on your PAP2v2 will have a factory default password even after it has been provisioned by Vonage

True for user, not true for admin: only the userpwd setting is missing in xml files, the adminpwd is present in the first downloaded file (default directory) and it does contain a value unique for each adapter. My hope is that there will be a new version of CYT that will unlock the new firmware versions (or if someone knows that is not possible, then say it).
|
 mazilo From Mazilo Premium join:2002-05-30 Lilburn, GA
| reply to dm33 Re: CYT Device: Unlocking Information
said by dm33:
There are many fields in the xml file which can't be accessed via the menus.

I believe you can manually edit the XML file using a notepad editor on a Windows OS.
-- Mazi (UK Non-Geo Phone: +44-703-194-2574)
|
 dm33
join:2007-07-05 Raleigh, NC
| reply to rcilink
I tried unlocking a PAP2 v2. I was able to unlock it successfully with CYT46. However the generic.xml file did not get uploaded to the phone adapter. I'd make changes to the file, resync and it wouldn't show the changes. There are many fields in the xml file which can't be accessed via the menus.
Does it work to upload the XML file? Is there some trick to it?
|
 mazilo From Mazilo Premium join:2002-05-30 Lilburn, GA
| reply to floriantet Re: Is this the end of CYT ?
said by floriantet:
Unfortunately line with the userpwd setting is missing from new xml files (just downloaded them from default directory and then the second one from second directory). As a result if you have a device that is new or has been reset to factory defaults or it has been provisioned just recently, then even after provisioning the user password is probably unchanged - the same as when the device was new (factory defaults)

So, this means the user (probably including the Admin) account on your PAP2v2 will have a factory default password even after it has been provisioned by Vonage. If this is true, then it is time to crack the Admin password hashed key of a PAP2v2, which I believe is the same one for every PAP2v2 unit sold out there. In this case, we need to find someone who has a supercomputer to crack this hashed key using John The Ripper Password Cracker.
-- Mazi (UK Non-Geo Phone: +44-703-194-2574)
|
 floriantet
join:2006-03-04 Rochester, MI
4 edits | reply to mazilo
said by mazilo:
If you suspect Vonage has changed the user password from tivonpw to something else, then download the XML provision file for the device you have its encryption key. Then, decrypt the file to find what is the current user password.

Unfortunately line with the userpwd setting is missing from new xml files (just downloaded them from default directory and then the second one from second directory). As a result if you have a device that is new or has been reset to factory defaults or it has been provisioned just recently, then even after provisioning the user password is probably unchanged - the same as when the device was new (factory defaults)
|
 mazilo From Mazilo Premium join:2002-05-30 Lilburn, GA
| reply to floriantet
said by floriantet:
Of course I did for the device unlocked in the past. I now am talking about another device which was let's say until yesterday in service with Vonage and it has never been unlocked.

From the past experience, Vonage seems to have used a more general user password. If you suspect Vonage has changed the user password from tivonpw to something else, then download the XML provision file for the device you have its encryption key. Then, decrypt the file to find what is the current user password. If it is still the same as tivonpw, then you will need to wait for other readers to find out the new user password used by Vonage.
-- Mazi (UK Non-Geo Phone: +44-703-194-2574)
|
 floriantet
join:2006-03-04 Rochester, MI
1 edit | reply to lyh
said by mazilo:
did you make/save a copy of the encryption key along with the Vonage server, XML path/file names?

Of course I did for the device unlocked in the past. I now am talking about another device which was let's say until yesterday in service with Vonage and it has never been unlocked. I have encountered or I have seen reports for PAP2 (1.0.22), Motorola, Vtech, WRTP54G: on the latest firmware CYT does not work and a downgrade could not be performed (as I did before) because could not log in as I could before. For lyh put as user user not router
|
  lyh
@ln.cn | reply to rcilink Re: CYT Device: Unlocking Information
I can't downgrade vt2442 with logging in by router/pw:router, how can I downgrade it, if have some way, please mail to me: lyh-yh@126.com, thanks
|
 mazilo From Mazilo Premium join:2002-05-30 Lilburn, GA
| reply to floriantet Re: Is this the end of CYT ?
said by floriantet:
Does anyone know if there is a new password ? If not then this is the end of using CYT ?

When you had your device unlocked, did you make/save a copy of the encryption key along with the Vonage server, XML path/file names? If so, then you can manually retrieve/decrypt this XML provision file to find out what password is for the user account.
-- Mazi (UK Non-Geo Phone: +44-703-194-2574)
|
 dm33
join:2007-07-05 Raleigh, NC
| reply to floriantet
said by floriantet:
A while ago CYT 4.6 stopped working for latest firmware versions. Then for a while the 'downgrade first' solution worked. Now it looks like they have changed the tivonpw password so a downgrade could not be made. Does anyone know if there is a new password ? If not then this is the end of using CYT ?

I bought a PAP2 v2 from bestbuy. It came with firmware 1.00.13. I let Vonage upgrade it to firmware 1.00.16.
I was still able to unlock it using CYT although I had problems getting the generic.xml configuration file to update the phone adapter.
Which firmware version doesn't work?
|
 floriantet
join:2006-03-04 Rochester, MI
1 edit | reply to boonkang
A while ago CYT 4.6 stopped working for latest firmware versions. Then for a while the 'downgrade first' solution worked. Now it looks like they have changed the tivonpw password so a downgrade could not be made. Does anyone know if there is a new password ? If not then this is the end of using CYT ?
|
 boonkang
join:2007-05-30 Victoria, BC
| reply to boogerman69 Re: CYT Device: Unlocking Information
said by boogerman69:
Interesting Steve006 Since the PAP2V2 and the Vtech IP8100 are the same chipset, I have noticed that same issue with the 8100 Now after tweaking the crap out of this phone, I think I might have fixed this problem. I have had it online since about 8pm last night. It still shows registered. If it stays on, I will post what settings I can think of. One change I did make was to put an XML in a valid tftp server and I have pointed the 8100 to that server. There is some suspicion that this device will go to sleep after so many unsuccessful attempts at pulling provisioning info. I don't know anything about the PAP2v2, but maybe there is "unlocked" firmware that once loaded should stop any strange behavior.

Hello, Boogerman69. Was this annoying problem really fixed ? If so, could you kindly post the settings you used to fix the problem ?
You can email me the response: boon(underascore)kang(at)yahoo(dot)com.
|
 bingbing
join:2006-07-07 philippines
| reply to rcilink Re: new release: CYT 4.6 [beta]
Thanks very much for this release. I have put an old rtp300 to good use again. Unlike the old versions, this one worked immediately. Only downside is that it seems to work with only 1 line. Any newer versions that will allow me to use both line 1 & 2?
|
 allanjohn
join:2007-04-29 Montreal, QC
| reply to mazilo Re: CYT Device: Unlocking Information
said by mazilo:
said by allanjohn:
"Security Violation! You must login to your device at IP:192.168.0.4 using a web browser before using this program! This security measure prevents misuse of this program."
Did you heed the above message?

Yes, I tried with my browser, Internet Explorer 7 and Firefox. I'm able to login in the user mode, I even tried accessing the admin page and letting the login window wait for my input of admin name and admin pass while letting the CYT try to access the router, with no success
|